Gaps in Endpoint Protection Platforms Call for Changes in EPP RequirementsMarch 21, 2018 | By Comodo
Endpoint Protection Platforms (EPP)
Antivirus is considered to be the very first line of defense technology for Endpoint Protection Platforms (EPP). Over the past twenty years, a number of other components have been added to EPP such as personal firewalls, anti-spyware and anti-malware, but many of these components have never been installed. Even with the latest technologies, endpoint protection gaps still exist mostly because EPP is reactive and makes use of stored information or static rules in order to detect and identify a threat. Static methodologies are not flexible enough to address modern-day threats, thus resulting in attackers effortlessly bypassing outdated EPP.
Changing EPP Requirements
Due to the existence of endpoint protection gaps, EPP requirements seem to be changing. For instance, Gartner and several other analyst firms assume that EPP needs much bigger flexibility and must possess Endpoint Detection and Response (EDR) capabilities. However, standard EPP, even when successful, fails to provide security professionals the means for understanding the “what, who and where” of a threat. This type of threat intelligence can be gathered by analysts only if they have complete visibility into every endpoint activity, timelines, processes and a potential relationship with all endpoints in the organization.
Next Generation AV (NGAV)
EPP is primarily based on stored pattern and signature files in order to stop known threats. This is also considered to be true of newer “Next Generation AV” (NGAV), which employs machine learning with static rules and policies to identify threats, thus restricting its flexibility. NGAV has no threat intelligence or endpoint visibility that will help understand a threat actor’s procedures, techniques, and tactics, which is essential for defending against modern threats. With conventional EPP, machine learning needs new rules or updates to address threats that are unknown, but unfortunately, that only takes place after a threat has been identified and the damage has already been done.
Advanced Endpoint Protection
Advanced Endpoint Protection refers to a next-generation cyber security that can block bad files and automatically contain unknown files in a virtual container with the help of containerization technology and the Default Deny Platform™. This is followed by examining an unknown “contained” file and attaining an accelerated verdict via the cloud-based Valkyrie Verdict malware analysis platform.
Comodo Advanced Endpoint Protection is capable of offering a scalable, lightweight Default Deny Platform along with a unique endpoint security approach, resulting in absolute protection and enterprise visibility. This app based platform has the potential to prevent complexity and solution overlap. It is possible to provision this Advanced Endpoint Protection within just a few minutes, and it further makes use of negligible CPU resources and needs an endpoint footprint of just about 10 MB.
With new EPP requirements, it is now clear a successful EPP in necessary to be able to automate as much threat intelligence as possible for both detection and prevention. Instead of just having the potential to react to the damage already done from a threat, analysts will be able to spend their time analyzing and enhancing their defenses by employing effective automation while leveraging powerful EDR technology.